Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

MrSeb writes "A cross-disciplinary team of US neuroscientists and cryptographers have developed a password/passkey system that removes the weakest link in any security system: the human user. It's ingenious: The system still requires that you enter a password, but at no point do you actually remember the password, meaning it can't be written down and it can't be obtained via coercion or torture — i.e. rubber-hose cryptanalysis. The system, devised by Hristo Bojinov of Stanford University and friends from Northwestern and SRI, relies on implicit learning, a process by which you absorb new information — but you're completely unaware that you've actually learned anything; a bit like learning to ride a bike. The process of learning the password (or cryptographic key) involves the use of a specially crafted computer game that, funnily enough, resembles Guitar Hero. Their experimental results suggest that, after a 45 minute learning session, the 30-letter password is firmly implanted in your subconscious brain. Authentication requires that you play a round of the game — but this time, your 30-letter sequence is interspersed with other random 30-letter sequences. To pass authentication, you must reliably perform better on your sequence. Even after two weeks, it seems you are still able to recall this sequence."

How many standard deviations above 'random guessing' are we talking about? Over how many trials? And 2 weeks is fine, but what about 6 months to a year?

I still prefer 80+ character passphrases lifted from song lyrics whenever possible. If you know the song well enough it's impossible to crack, and the search space is still large among people who know you like that particular song

I still prefer 80+ character passphrases lifted from song lyrics whenever possible. If you know the song well enough it's impossible to crack, and the search space is still large among people who know you like that particular song

I highly doubt that the search space is large enough. You cannot memorize many song texts (no more than a few thousand, and I'm being optimistic here) and it is easy to predict from background information which songs you know and like. Given that, plus the fact that it is highly likely that you will start your passphrase at a word boundary, it looks awfully easy to break your 80+ character passphrase using a customized dictionary attack.

Passphrases from books might fare better, assuming that you have a few

People don't tend to memorise songs they don't like. Generally speaking, most users would probably choose a lyric from one of the songs listed as their favourite songs on their Facebook (or equivalent) page. Additionally, if everyone were doing this and you had a collection of hashes you wanted to break, you could probably break a large percentage of them just by choosing the "best" lyrics from a list of the top 100 all-time songs.

As the salt is known and fixed, it'd still be fairly efficient when bruting a large number of passwords at once as would be obtained from a stolen database. A trivial change would make life substantially harder for an attacker: change sha1(mypassword+'slashdot.org') to sha1(mypassword+username+'slashdot.org')

That is not true. It has been proven that passphrases can be weaker than passwords, simply because words usually follow each other in an ordered pattern.

You'll be safe from brute force attacks, but not any attack that adds intelligence to the mix. And if the person cracking your password knows it uses music lyrics you love, you'll be even more at risk since it only has to test for the songs you like.

An 8 character password using ASCII printable characters only has 5,595,818,096,650,401 possibilities. I'm guessing less than that number of songs have been written... even with variations in lyrics. Even with a thousand variations per song, and a trillion songs to seed the password cracker... you're still looking at a few minutes, perhaps an hour, to crack your password. Your keyspace is pathetically small.

An 8 character password using ASCII printable characters only has 5,595,818,096,650,401 possibilities

GP was talking about 80 character passwords (not 8), which even if we assume a low entropy of 2 bits per character still gives you 160 bits of entropy. If you throw odd spellings, capitalizations, number substitutions, and in-jokes into the mix, you can significantly increase that number, but 160 bits still puts you well above

But you don't get around the extraction by torture. You can tell someone your password is the first verse of God Save the Queen, but what you've got here is actually a form of biometric password, but instead of a finger print, it is instead using the unique process by which you learn a given task, a kind of 'brainprint'. You can still be coerced to enter the password, having been brought to the location. But would you be able to enter the password under duress?

Also, what happens if you're just really good at the game? I mean it's based on you being better at playing your password than other chords. If you're playing everything flawlessly are you permanently locked out?

Not just that, but for rubber-hose methods - have your victim go through the login a couple times, if you can access a remote login - record. Or even over the shoulder recording of a couple logins (well placed security cam) to get the desired sequence?

Seems like this has quite a few flaws.

As for the music lyrics, add quotes from movies/books and poems, and you have an even nicer space to go through. Especially if you can think of (to you) sensible and regular mutilations of the words.

How many standard deviations above 'random guessing' are we talking about? Over how many trials? And 2 weeks is fine, but what about 6 months to a year?

You're missing the point. They're missing the point. It's easy to make one password secure against guessing it in a million years of trying.

But I don't need to remember one password. I need to remember thirty passwords (for my most important stuff, plus another fifty for sites I visit once or twice), all different, and a large subset of which have to be changed every 60 days. If it takes "a 45 minute learning session" for "the 30-letter password to be firmly implanted in your subconscious brain" this is purely out of the question.

And if the answer is "well, just use the the one password because it's unguessable and you can use it for everything"-- yeah, what could possibly go wrong?

Yeah, the basic premise here is to store the key in muscle memory, which is a fantastic idea. It's difficult to forget (not impossible, but difficult) and near impossible to extract without the owner's knowledge and permission; An attacker might be able to induce finger tapping but capturing it and recording it will be extremely difficult. Also, it comes with an indirect from of biometric identification, because even if an attacker somehow manages to extract the correct key, the input mechanism can presumab

While an interesting exercise, with outstanding payoff, I'd prefer to memorize the names of people that have been convicted of breaking into systems and abusing them, then sentenced to 30-50 years in a Gulag.

Think about it: forcing yourself to memorize a long stupid string because there are jerks out there that will break into your stuff, steal your identity, and give your credit card numbers for pennies per. There's something wrong here.

It may be plausible but I think that here in the UK it's still illegal - we can be given 2 years inside for not revealing a password when asked for it by the relevant authority. I can see this system putting some people away for a little while.

This 30-character sequence is played back to the user three times in a row, and then padded out with 18 random characters, for a total of 108 items. This sequence is repeated five times (540 items), and then there’s a short pause. This entire process is repeated six more times, for a total of 3,780 items.

Replace 'character' with 'note' and it's clear subjects were tortured with Philip Glass for 80 hours and won't soon forget.

The game only works if the machine knows what your password is, so that you can succeed at playing that sequence better.

Which reveals the flaw in the scheme ; currently, the computer you are logging into doesn't need to know your password - it stores a hash instead. With this scheme, the machine needs a way to recover your password as plaintext, so that it can test you on it. Which means that if you can sieze the system itself, you can get into it, you just need to extract the password and train someone else to know it.

Shared secrets are not insecure. Applied incorrectly they are insecure.

When a given pairing is unique (i.e. the credential authenticates exactly one endpoint to exactly one other endpoint), then a breach of the level of acquiring the password data is likely going to yield nothing more than you already have: free reign over the system holding the data. In this case, the authenticator selected the characters randomly.

I can't stand idiots like you, who always act as if games were an "excuse" or "waste of time", when they are the MOTHER of all education, art, sports and entertainment.There is no better way to explore something new, than games. That's what they are there for.It's things like school as we know it, that is a waste of time and deeply utterly wrong.

It sounds like the way this works, the server will need to know what the password is in order to produce the combined sequence. Doesn't that make it weaker than ordinary passwords? And if you repeatedly get the same random sequence, over time you'll learn that as well. OTOH if you get different random sequences, then it would be possible to extract the original sequence. Did I miss something here?

There are a few ways to do this.Pretending that it's for the moment typing a letter in response to some other letter.If the correct response to a stimulus 'A' is 'a' - then the server can take a response to a randomly chosen phrase -AQRGS, and then get response fqrgs, and hand both of these over to an authentication server, which determines the match.

Or, it can contact an authentication server, which deals with both the exact challenge to be sent, and verifies the response.In som

Or, it can contact an authentication server, which deals with both the exact challenge to be sent, and verifies the response.In some apps, this may be a valid way to do things.

Not really... if I want to crack your password, all I have to do is send a few requests to the authentication server, and look at the challenges it responds with. Find the sequence of 30 characters that's repeated in all of them, and there's your password.

Their experimental results suggest that, after a 45 minute learning session, the 30-letter password is firmly implanted in your subconscious brain. Authentication requires that you play a round of the game

I'm assuming I'll still be automatically logged out after 5 minutes of inactivity, cannot recover but will have to change my password when forgotten and passwords will expire every month?

Also; the research suggests users will have to perform better on the injected "password" sequences than random sequences... how will they deal with top players that get a perfect score every time for the entire sequence?

Nevermind that: They seriously expect people to sit through 45 minutes of training to learn a password?

And how long to log in?

But the biggest problem I see apart from the plain text storage of passwords is that people don't just authenticate to one place, but dozens or more. This could only work it was a global SSO system, where you log in once. But that implies that if the system is compromised anywhere it's compromised everywhere.

Colour me unimpressed. It's good that people study these things, but we need a system where scientists can report their study as a failure and still be thanked for their job.

Only 38 bits of entropy because there's only 6 choices for each of the 30 characters. Yeah a Tesla GPU can chew through that in a day. I'd post the relevant XKCD comic but I'm pretty sure everyone here knows what it is already.

The system requires that you copy-write a short random message by hand, but at no point do you actually remember the subtleties of your individual writing style, like the ballpoint pressure or distribution of the shape of "o"s, meaning it can't be presented as a plain sequence of letters and it can't be obtained via coercion or torture i.e. rubber-hose cryptanalysis. The system, devised by Anonymous Coward, relies on implicit learning, a process by which you absorb new information, but you're completely unaware that you've actually learned anything; a bit like learning to ride a bike. The process of learning the password (or cryptographic key) does NOT involve anything, as your writing style is likely already precisely and intricately shaped for years.

Without a human specialist, a dedicated OCR software would need to be developed, though...

Who would allow a truly secure system to have static passwords - most require a change once a month. Now it costs 9 hours a year, or 0.5% of your entire payroll costs just to learn the passwords. Since the sequence must be played back using a large string of random sequences in which the password sequence is embedded, I presume that would probably take at least 2 minutes to be of both necessary and sufficient length. Let's presume that you only have to log in twice a day (when you arrive, and when you com

To the vast majority of companies out there, you are not an asset, you are a liability on a balance sheet. Nobody can ever work hard enough to justify their salary, no matter how pathetic or insulting that salary is. You are less valuable than the office furniture.

Passwords are clearly a very bad idea - they just don't work for any number of logical, social and practical reasons. So it's great to see real thought going into alternatives. Although I think the overhead of 45 mins learning and other issues with this are a problem, I think the general premise must have something in it that would work well.

The fact we can recognise that we know something, even if we can't repeat it - e.g. you know if someone sings the wrong lyrics to a song even if you can't remember them yourself - MUST have some solution to this problem embedded in it somewhere...

Wouldn't biometrics already be a better solution if you want an authentication routine that strong? I mean to bypass multiple input biometrics (fingerprint + some other bodily feature) you'd have to kidnap the user. And if you already have the user under your control, you can probably force any strong password out of him.

How are you supposed to protect a password that you don't even know? It seems to me if someone knew how the system worked, they could trick an unsuspecting user into divulging their password without the users knowledge. This is obfuscation, nothing more.

A few readers have commented that the system will need to know your unhashed password. This is clearly bad, but there are even worse flaws.

A 30-character password sounds awfully strong (60^30 combinations if upper/lower-case chars and numbers are used). However, from the article: "Authentication requires that you play a round of the game — but this time, your 30-letter sequence is interspersed with other random 30-letter sequences". This means that the number of characters is irrelevant, really. What matters is the number of "30-letter sequences", and since you need to play them all, they will need to be limited. How many? 10 would probably too many to play, but will still only be the equivalent of a single-digit password. This system will be trivial to crack with brute-force guesses.

Even worse, repeated "login attempts" will reveal which sequence is the correct one - simply check which sequence repeats between tries.

How does your subconscious know which password to use? How many 30-bit passwords can be "implanted"?

Incidentally, the fact that the password is known is really not an issue, if you consider it simply another factor of security. I wouldn't want to play a damned game every time to log in anyway, but if I only occasionally used an account and this was used to verify the system I was on, that would be fine. Call it the Rumsfeld system: you log in with something you know, and something you don't know you know.

If I'm not mistaken, the only way the system checks whether you know the password is to ask you to play a pseudo-random "game", which they presume a person trained with the passphrase will play better....

And I guess the authors haven't ever got pwned by an expert IIDX player.......

(Just search Youtube for videos. If you think 45 minutes is enough for you to play better than them, you're terribly mistaken...)

It doesnt provide the same entropy as the regular password though. You can only move to 7 adjacent squares, and it very likely that you will travel in a straight direction. As long people understand password length, and pattern length are not the same, make it quite random, it should be good.

okay, I know people hate the dream explanations, esp. from men. But I had a dream where I was interviewing with a company [like a hipster startup like facebook sorta] and they used something like a midi sequencer and a keyboard to enter in the password in order to roll to production servers. All they guy needed to do was remember how to play the song... the whole song. He kept headphones and since he was a Senior, sat in the front center of the room like a dj. When the password was correct, the install scripts would start running and lights would blink and stuff, it was a big event (I guess this fantasy company doesn't roll everyday? it was a dream okay)

so, in conclusion, cant a song be a password?

Of course it could, but it would be a PITA to input and rather easy to guess by bystanders from a small sample. It would also be rather easy to set up a dictionary type attack.